Archive for November, 2006

Last month Google launched a new search feature named Code Search, which gives Google users the ability to search the public source code of indexed web pages!

It is indeed a great tool for programmers and code developers; however, it is also a great tool for hackers!!
From now on, if you keep your configuration script files, for instance, publicly available… expect that your passwords will be compromised really quickly!

For more about exploiting Google Code Search click here, here and here

Bruce Schneier is asking what the point is of these questions that appear in the U.S. visa application:
- Have you ever been arrested or convicted for any offense or crime, even though subject of a pardon, amnesty or other similar legal action?
- Have you ever unlawfully distributed or sold a controlled substance (drug), or been a prostitute or procurer for prostitutes?
- Did you seek to enter the United States to engage in export control violations, subversive or terrorist activities, or any other unlawful purpose?
- Are you a member or representative of a terrorist organization as currently designated by the U.S. Secretary of State?
- Have you ever participated in persecutions directed by the Nazi government of Germany; or have you ever participated in genocide?

BTW, the U.K. visa application involves similar questions…
It’s obvious that a terrorist or a drug dealer wouldn’t reveal their criminal identities!
Is it that “if someone is convicted of one of these activities he can also be convicted of visa-application fraud” as Bruce deduced?
If so, then there are no security benefits behind asking such questions… Do you agree?!
To read more press here

Now you can get the slides of the presentations given at RUXCON 2006, Australia. RUXCON is a conference organised by and for the Australian computer security community. RUXCON 2006 was held at the University of Technology.

Cisco has recently announced its new security certification for “entry-level” engineers: Information Security Specialist Certification (ISSC). After completing the ISSC course, engineers should be able to demonstrate the foundational knowledge and skills required to install and support a Cisco Self-Defending Network.

I really think that this is a very good idea: security certification for the “entry-level” engineers!!
Press here for more information.

Information Systems Security Association (ISSA), the largest international association specifically for information security professionals and practitioners, announced an alliance with Microsoft to provide security training, education and networking opportunities to information security professionals around the world. ISSA will also identify Microsoft’s specific security education needs and priorities.

IDDY (Identity Deployment of the Year) is an award conducted by the Liberty Alliance, the famous alliance that aims to build open standard-based specifications for federated identity, provide interoperability testing, and help provide solutions to identity theft.

The UK government has been awarded for its excellence in digital identity management. I think that such an award at this specific time should give a boost to the UK government and should help with mitigating the pressures imposed on it, especially after the media raised many questions about the repeated delays of the national ID scheme project and its feasibility…

“Security Engineering” is, according to many information security experts, one of the best books written on the topic of security engineering. The book is written by Ross Anderson, a Professor of Security Engineering at Cambridge University. It is published by Wiley and has been translated into many languages, such as Chinese and Japanese.

Now, you can get the book absolutely free from Prof. Ross’s personal website, press here.